openstreetmap-website icon indicating copy to clipboard operation
openstreetmap-website copied to clipboard

Published 20 hours ago verified publisher icon openstreetmap

Redirect oauth user back to original page after email confirmation

Open christoph-buente opened this issue 10 years ago • 9 comments

For wheelmap.org we allow users to login via oauth with a valid openstreetmap.org account. But new users, who sign up with wheelmap (and consequently with openstreetmap) end on a welcome page after they click the confirmation page in their email.

http://www.openstreetmap.org/welcome

This behavior might be intended for users who signed for openstreetmap directly, but wheelmap users (and possibly other users of third party services using oauth) are pretty much lost.

Is there a way to redirect these users to the original website after they clicked the confirmation link? Maybe by passing an additional parameter when sending them to the osm login page?

That would be very helpful. I could possibly provide a pull request after a discussion.

christoph-buente avatar Feb 10 '15 23:02 christoph-buente

They should get sent to whatever callback URL you specified in your oauth requests - there are tests for that I believe.

tomhughes avatar Feb 11 '15 00:02 tomhughes

https://github.com/openstreetmap/openstreetmap-website/blob/master/test/integration/oauth_test.rb#L225 is the test in question.

tomhughes avatar Feb 11 '15 00:02 tomhughes

i think the point is about new users, which has to create a new OSM account first. Not only authorise them.

HolgerJeromin avatar Feb 11 '15 08:02 HolgerJeromin

Right, but they should still end up going through oauthorize at the end right, to authorize the new account?

tomhughes avatar Feb 11 '15 08:02 tomhughes

Yes, they need to finish the authorize process and end up on the page they came from.

christoph-buente avatar Feb 12 '15 10:02 christoph-buente

My point was that when they get to oauthorize the callback URL should still work and send them back to your site.

tomhughes avatar Feb 12 '15 10:02 tomhughes

Hey, this is still an issue.

The flow is:

  1. A user (without OSM-account) browses an app (e.g. wheelmap.org or mapcomplete.org)
  2. They want to edit a feature, so they click 'log in'
  3. They create a new account and land on the 'verify your email'-step
  4. They open their email client, find the email and click the 'verify my email address link'
  5. The 'verify my email address' redirects to the OSM-homepage, which they have never seen before... This should instead take them back to the original webpage or application.

(I made a quick screencap here: https://imgur.com/a/sCZJaZA):

Part two is especially interesting: https://i.imgur.com/RUFLQof.mp4

pietervdvn avatar Sep 01 '23 21:09 pietervdvn

What we really need is the full list of URLs that are visited so that we can tell where the callback is getting list - in theory it should be preserved through the signup process but that is notoriously complex.

tomhughes avatar Sep 02 '23 11:09 tomhughes

PR #4329 makes the signup somewhat easier, by adding "Continue with authorization" on the final Welcome screen.

milan-cvetkovic avatar Mar 25 '24 13:03 milan-cvetkovic